Security is the biggest concern among 211 senior level IT and business decision makers at Canadian organizations that in some way use cloud computing, according to a vendor survey.

Seventy-five per cent of respondents listed that as their number one worry with cloud computing according to the survey, paid for by Toronto-based solutions integrator Scalar Decisions and released this month.

Second on the list were integration concerns, followed by concerns the cloud couldn’t support operation performance requirements.

Just over one-third (36 per cent) said their organization had general security policies and no formal cloud security policy in place, with another 10 per cent saying their organization had undocumented informal security policies.

Fourteen per cent said their organization had written cloud security policies enforced by IT, with another 19 per cent saying those policies were also supported by corporate governance.

Survey respondents also divided themselves into novice, intermediate and experienced cloud users. The number of those in each category was smaller than the overall base, which reduces the accuracy of the survey. However that didn’t prevent Scalar CTO Neil Bunn from drawing conclusions.

“The biggest elements that struck me was the realization of clients that the further they delve into cloud (by experience) the more the need to delve into cloud security … You had to be doing a lot of cloud to realize the importance of building a security framework when using it. Early adopters in the survey were less concerned, or were more concerned about rudimentary issues such as the location of data. Those who were highly experienced realized their entire security practice need to change to adapt to what they were able to deliver.”

The aim of the survey was to find out the state of adoption of cloud computing among Canadian organizations. Scalar does a separate security survey. However, Bunn said, it was “overwhelmingly clear security was a hot button” in the results. “Many acknowledged that cloud does need its own distinct approach to security,” he said, especially if the IT department is using platform-as-a-service PaaS or infrastructure-as-a-service (IaaS) tools, existing policies don’t handle dynamic environments well

Of the full group surveyed (355 people), 41 per cent said their organization doesn’t use any cloud services.

The study includes answers to other questions, some of which have small samples from which it may be hard to deduce conclusions. For example, of the 211 respondents whose organizations use the cloud there were only 70 IT decision makers. That group said an average of 31 per cent of their workloads were currently in a public cloud. They expected that to increase to 35 per cent of workloads in the next 12 months, and 41 peer cent in 36 months.

They also said an average of 20 per cent of their budgets were currently allocated to public cloud, expecting that to grow to 25 per cent in 12 months and 29 per cent in 36 months.

Asked what their company perceived as its top concerns or challenges before adopting cloud computing, 42 per cent of business and IT users said reliability, followed by security (37 per cent.) However, 67 per cent said their firm was able to overcome the security concerns.

Still, 75 per cent said security is a still worry, as well as integration and operational performance.

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com